[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Roundcube issue - Auth bypass via Improper Session Management

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Roundcube issue - Auth bypass via Improper Session Management
From: Balázs Hambalkó <hambalko.balazs@xxxxxxxxx>
Date: Tue, 1 Sep 2020 11:50:53 +0200

Hi,

Title: Authentication bypass via Improper Session Management

Product: RoundcubeMail
Tested version:  1.4.4 - 1.4.8

CVE: in progress
Credit: Balazs Hambalko, IT Security Consultant


Risk: The lack of proper session validation could lead an attacker to
access the victim user's emails.

Issue fixed: in next release

URL:
https://github.com/roundcube/roundcubemail/issues/7576

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Bagisto: Default credentials for admin interface
Next by Date: [FD] Sagemcom router insecure deserialization > privilege escalation
Previous by thread: [FD] Bagisto: Default credentials for admin interface
Next by thread: [FD] Sagemcom router insecure deserialization > privilege escalation
Index(es):
- Date
- Thread